- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) M Responsive to communication(s) filed on 06 December 2004.
2a)S This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [3 Claim(s) 1-41 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) M Claim(s) 18-41 is/are allowed. 

6) D Claim(s) 1-5 and 10-17 is/are rejected. 

7) [X] Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a)D All b)D Some * c)D None of: 

1. Certified copies of the priority documents have been received.

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) CZZJ Notice of References Cited (PTO-892) 

2) EH Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) C] Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date . 



4) [Zl Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) EH Notice of Informal Patent Application (PTO-152) 

6) □ Other: . 



U.S. Patent and Trademark Office 

PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 04162005 



Application/Control Number: 09/839,551 
Art Unit: 2162 



Page 2 



DETAILED ACTION 
Response to Amendment 

1. Claims 1-41 remain pending for examination.

Response to Applicant's Remarks

2. Applicant's arguments filed 06 December 2004 have been fully considered but they are not 
persuasive for the following reasons, see sections A and B. 

However, the arguments with respect to claims 18-41 have been fully considered and are persuasive. The
rejection(s) of claims 18-41 has been withdrawn as indicated in section 3.

Claim Rejections - 35 USC § 102 

A. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for 
the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-5 and 10-17 are rejected under 35 U.S.C. 102(b) as being anticipated by US Pat. No.
5,999,711 issued to Misra (hereinafter "Misra").

As per claim 1, Misra discloses, "a method of enabling access to a resource of a processing
system" (see col. 1, line 49 to col. 2, line 21), comprising the steps of

"establishing a secure communication session between a user desiring access and a logon 
component of the processing system", (see col. 1, line 60 to 2, line 3); 

"verifying that logon information, provided by the user to the logon component during the secure 
communication session, matches stored information identifying the user to the processing system", (see 
col. 1, line 66 to 2, line 4); 




"generating a security context from the logon information and authorization information that is
necessary for access to the resource", (see col. 1, line 50-55);

"providing the security context to the user", (see col. 1, lines 55-62); and

"sending, by the user to the processing system, the security context and a request for access to
the resource", (see col. 1, line 60 to col. 2, line 3).

As per claims 2 and 16, Misra discloses, "wherein the resource is at least one of a processor, a 
program object, and a record of the processing system", (see col. 4, lines 30-35). 

As per claim 3, Misra discloses, "wherein the logon component provides a symmetric encryption 
key to the user in establishing the secure communication session", (see col. 7, lines 35-44). 

As per claim 4, Misra discloses, "wherein the logon information includes a password and at least 
one of a user identifier, an organization identifier, a sub-organization identifier, a user location, a user 
role, and a user position", (see col. 5, lines 45-55). 

As per claim 5, Misra discloses, "wherein the logon information is verified by checking for 
agreement between the stored information identifying the user to the processing system and the 
password and at least one of a user identifier, an organization identifier, a sub-organization identifier, a 
user location, a user role, and a user position provided by the user to the logon component", (see col. , 
lines 35-45). 

As per claim 10, Misra further discloses, "the step of determining, by a stateless component of 
the processing system, based on the security context sent with the request for access by the user, 
whether access to the requested resource should be granted to the user" as the authorization database 
holds no information about the user, (see col. 9, lines 20-35). 

As per claim 11, Misra discloses, "wherein the communication device at least partially encrypts
the request for access with a symmetric encryption key included in the security context", (see col. b, lines 
15-20). 

As per claim 12, Misra discloses, "wherein a hash value is computed over the request for access, 
the hash value is included with the security context and the request for access sent by the user to the 
processing system, the integrity of the request for access is checked based on the hash value, and 
access is granted only if the integrity of the hash value is verified", (see col. 6, lines 1-15). 

As per claim 13, Misra discloses, "wherein the user digitally signs the request for access, the 
user's digital signature is included with the security context and the request for access sent by the user to 
the processing system, the user's digital signature is checked by the processing system, and access to 
the resource is granted only if the user's digital signature is authenticated" (see col. 9, lines 15-40). 

As per claim 14, Misra discloses, "wherein the request for access comprises a wrapper", (see col. 
1, lines 49-60). 

As per claim 15, Misra further discloses, "the step, after access to the requested resource is 
granted, of sending a response to the user that includes a request counter that enables the user to match 
the response to the request for access", (see col. 5, lines 46-54). 

As per claim 17, Misra discloses, "wherein the user sends the request counter and access to the 
resource is denied if the request counter differs from a predetermined value", (see col. 2, lines 8-29). 

B. In response to applicant's argument, page 4, that "Misra fails to disclose each of the features
recited in claim 1." It is submitted that Misra discloses the limitations of claim 1: "a method of enabling
access to a resource of a processing system" (see col. 1, line 49 to col. 2, line 21), comprising the steps
of

"establishing a secure communication session between a user desiring access and a logon 
component of the processing system", (see col. 1, line 60 to 2, line 3); 

"verifying that logon information, provided by the user to the logon component during the secure 
communication session, matches stored information identifying the user to the processing system", (see 
col. 1, line 66 to 2, line 4); 

"generating a security context from the logon information and authorization information that is 
necessary for access to the resource", (see col. 1, line 50-55); 

"providing the security context to the user", (see col. 1, lines 55-62); and 

"sending, by the user to the processing system, the security context and a request for access to 
the resource", (see col. 1, line 60 to col. 2, line 3). 

Furthermore, Misra discloses the principal may send a request to logon to the distributed system 
along with the certificate of credentials that is received by the distributed system. The secure package is 
accessed to enable the facility for checking credentials to determine whether the principal is authorized to 
connect to the distributed system. Where the principal is not authorized to connect to the distributed 
system (see col. 1, line 64 to col. 2, line 5). 

MPEP 2111 Claim Interpretation; Broadest Reasonable Interpretation 

During patent examination, the pending claims must be "given the broadest reasonable 
interpretation consistent with the specification". Applicant always has the opportunity to amend the claims
during prosecution and broad interpretation by the examiner reduces the possibility that the claim, once
issued, will be interpreted more broadly than is justified. In re Prater, 162 USPQ 541,550-51 (CCPA 
1969). The court found that applicant was advocating ... the impermissible importation of subject matter 
from the specification into the claim. See also In re Morris, 127 F.3d 1048, 1054-55, 44 USPQ2d 1023, 
1027-28 (Fed. Cir. 1997) (The court held that the PTO is not required, in the course of prosecution, to 
interpret claims in applications in the same manner as a court would interpret claims in an infringement
suit. Rather, the "PTO applies to verbiage of the proposed claims the broadest reasonable meaning of 
the words in their ordinary usage as they would be understood by one of ordinary skill in the art, taking 
into account whatever enlightenment by way of definition or otherwise that may be afforded by the written 
description contained in application's specification."). 

The broadest reasonable interpretation of the claims must also be consistent with the 
interpretation that those skilled in the art would reach. In re Cortright, 165 F.3d 1353, 1359, 49 USPQ2d 
1464, 1468 (Fed. Cir. 1999). 

For the above reasons, it is believed that the last Office Action was proper. 

Allowable Subject Matter 

3. Claims 6-9 are objected to as being dependent upon a rejected base claim, but would be 
allowable if rewritten in independent form including all of the limitations of the base claim and any 
intervening claims. 

Claims 18-41 are allowed over the prior art of record.
The prior art of record fails to teach or suggest:

A method of accessing a resource of a processing system, comprising the steps of: providing by 
a user logon information to a logon component of the processing system during a secure communication 
session between the user and the processing system; verifying that the provided logon information 
matches stored information identifying the user to the processing system; generating a security context 
from the logon information and authorization information that is necessary for access to the resource, 
wherein the security context comprises a plaintext header and an encrypted body; the plaintext header 
comprises a security context ID, a key handle, and an algorithm identifier and key size; and the encrypted 
body comprises at least one of a user identifier, an organization identifier, access information, an 
expiration time, public key information, symmetric key information, and a hash; providing the security 
context to the user; sending, by the user to the processing system, the security context and a request for
access to the resource; and determining, by a stateless component of the processing system, based on
the security context sent with the request for access by the user, whether access to the requested 
resource should be granted to the user as recited in claim 18. 

A processing system having resources that are selectively accessible to users, the resources 
including processors, program objects, and records, the processing system comprising: a communication 
device through which a user desiring access to a resource communicates sends and receives information 
in a secure communication session with the processing system; an information database that stores 
information identifying users to the processing system and authorization information that identifies 
resources accessible to users and that is necessary for access to resources; and a logon component that 
communicates with the communication device and with the information database, wherein the logon 
component receives logon information provided by the user during the secure communication session, 
verifies the received logon information by matching against information identifying the user to the 
processing system that is retrieved from the information database, and generates a security context from 
the received logon information and authorization information; wherein the logon component provides the 
security context to the user's communication device, and the user sends, to the processing system, the 
security context and a request for access to a resource as recited in claim 29. 

The dependent claims, being definite, further limiting, and fully enabled by the specification are 
also allowed. 

Conclusion

4. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office 
action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of 
the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory action 
is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the date of this final action. 

CONTACT INFORMATION

Any inquiry concerning this communication or earlier communications from the examiner should
be directed to JEAN B. FLEURANTIN whose telephone number is 571-272-4035. The examiner can
normally be reached on 7:05 to 4:35.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
JOHN E BREENE can be reached on 571-272-4107. The fax phone number for the organization where
this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 